|
|
|
|
@ -257,8 +257,104 @@
|
|
|
|
|
(progn (utils:set-alert "You are not logged in.") |
|
|
|
|
(redirect "/login"))))))) |
|
|
|
|
|
|
|
|
|
;; |
|
|
|
|
;; Error pages |
|
|
|
|
(defroute ("/user/admin/edit-password" :method :POST) () |
|
|
|
|
(destructuring-bind |
|
|
|
|
(&key username password authenticity-token &allow-other-keys) |
|
|
|
|
(utils:request-params (lack.request:request-body-parameters ningle:*request*)) |
|
|
|
|
(cond ((not (string= authenticity-token (auth:csrf-token))) |
|
|
|
|
`(,+forbidden+ (:content-type "text/plain") ("Denied"))) |
|
|
|
|
(t (hermetic:auth |
|
|
|
|
(:administrator) |
|
|
|
|
;; Authorised |
|
|
|
|
(cond ((utils:string-is-nil-or-empty? username) |
|
|
|
|
(utils:set-alert "Username not provided. No change made.") |
|
|
|
|
(redirect "/users")) |
|
|
|
|
((utils:string-is-nil-or-empty? password) |
|
|
|
|
(utils:set-alert "Password not provided. No change made.") |
|
|
|
|
(redirect "/users")) |
|
|
|
|
((null (nera:get-user username)) |
|
|
|
|
(utils:set-alert "Unable to find user. Unable to delete account") |
|
|
|
|
(redirect "/users")) |
|
|
|
|
(t (nera:update-user |
|
|
|
|
(user::username-of (nera:get-user username)) |
|
|
|
|
:new-password password) |
|
|
|
|
(utils:set-alert "Password changed.") |
|
|
|
|
(redirect "/users"))) |
|
|
|
|
;; Not Authorised |
|
|
|
|
(progn (utils:set-alert "You are not authorised to view that page.") |
|
|
|
|
(redirect "/"))))))) |
|
|
|
|
|
|
|
|
|
(defroute ("/user/admin/delete" :method :POST) () |
|
|
|
|
(destructuring-bind |
|
|
|
|
(&key username authenticity-token &allow-other-keys) |
|
|
|
|
(utils:request-params (lack.request:request-body-parameters ningle:*request*)) |
|
|
|
|
(cond ((not (string= authenticity-token (auth:csrf-token))) |
|
|
|
|
`(,+forbidden+ (:content-type "text/plain") ("Denied"))) |
|
|
|
|
(t (hermetic:auth |
|
|
|
|
(:administrator) |
|
|
|
|
;; Authorised |
|
|
|
|
(cond ((utils:string-is-nil-or-empty? username) |
|
|
|
|
(utils:set-alert "Username not provided. Unable to delete account.") |
|
|
|
|
(redirect "/users")) |
|
|
|
|
((null (nera:get-user username)) |
|
|
|
|
(utils:set-alert "Unable to find user. Unable to delete account") |
|
|
|
|
(redirect "/users")) |
|
|
|
|
(t (nera:delete-user |
|
|
|
|
(user::username-of (nera:get-user username))) |
|
|
|
|
(utils:set-alert "Account deleted.") |
|
|
|
|
(redirect "/users"))) |
|
|
|
|
;; Not Authorised |
|
|
|
|
(progn (utils:set-alert "You are not logged in.") |
|
|
|
|
(redirect "/login"))))))) |
|
|
|
|
|
|
|
|
|
(defroute ("/user/delete" :method :POST) () |
|
|
|
|
(destructuring-bind |
|
|
|
|
(&key authenticity-token &allow-other-keys) |
|
|
|
|
(utils:request-params (lack.request:request-body-parameters ningle:*request*)) |
|
|
|
|
(cond ((not (string= authenticity-token (auth:csrf-token))) |
|
|
|
|
`(,+forbidden+ (:content-type "text/plain") ("Denied"))) |
|
|
|
|
(t (hermetic:auth (:logged-in) |
|
|
|
|
;; Authorised |
|
|
|
|
(progn |
|
|
|
|
(nera-db:delete-user |
|
|
|
|
(user::username-of (auth:get-current-user))) |
|
|
|
|
(hermetic:logout |
|
|
|
|
;; Successful log-out -- after account deleted |
|
|
|
|
;; (session data cleared). |
|
|
|
|
(progn (auth:flash-gethash :id ningle:*session*) |
|
|
|
|
(redirect "/")) |
|
|
|
|
;; Failed log-out -- after account deleted |
|
|
|
|
;; (session data persits). |
|
|
|
|
(progn (utils:set-alert |
|
|
|
|
"Error: Unable to delete session data.") |
|
|
|
|
(redirect "/")))) |
|
|
|
|
;; Not Authorised |
|
|
|
|
(progn (utils:set-alert "You are not logged in.") |
|
|
|
|
(redirect "/login"))))))) |
|
|
|
|
|
|
|
|
|
(defroute ("/create/page" :method :GET) () |
|
|
|
|
(hermetic:auth (:logged-in) |
|
|
|
|
;; Authorised |
|
|
|
|
(let ((alert (utils:get-and-reset-alert))) |
|
|
|
|
(render "/user/create-page.html" |
|
|
|
|
(append (auth:auth-user-data) |
|
|
|
|
`(:alert ,alert)))) |
|
|
|
|
;; Not Authorised |
|
|
|
|
(progn |
|
|
|
|
(utils:set-alert "You are not logged in.") |
|
|
|
|
(redirect "/login")))) |
|
|
|
|
|
|
|
|
|
;; TODO: UP-TO-HERE. NEED TO GET NIC TO DECIDE ON WHAT SHE ACTUALLY WANTS BEFORE |
|
|
|
|
;; I CAN FLUSH OUT HOW AND WHAT IS SAVED TO THE DATABASE (LOCAL) AND WHAT IS |
|
|
|
|
;; PUSHED TO MEILISEARCH DATABASE (IF USED). |
|
|
|
|
(defroute ("/create/page" :method :POST) () |
|
|
|
|
(destructuring-bind |
|
|
|
|
(&key authenticity-token page-content &allow-other-keys) |
|
|
|
|
(utils:request-params (lack.request:request-body-parameters ningle:*request*)) |
|
|
|
|
(format t "~a" page-content) |
|
|
|
|
(redirect "/create/page"))) |
|
|
|
|
;; |
|
|
|
|
;; Error pages |
|
|
|
|
|
|
|
|
|
(defmethod on-exception ((app <web>) (code (eql 404))) |
|
|
|
|
(declare (ignore app)) |
|
|
|
|
|
